upgrade to express 4.x

cleanup package.json

put errorHandler middleware as the last one

use accepts module instead of req.acceptedLanguages

use normal object notation as it is supported is es5

remove deprecations from auth controller

remove deprecations from groups controller

Revert "remove deprecations from groups controller"

This reverts commit 7cf3629.

Revert "remove deprecations from auth controller"

This reverts commit deecd70.

request limit upped to 1mb and 10k chars for query parameters

Upgrade to Express 4.x

package.json

@@ -4,20 +4,25 @@
   "version": "0.0.0-152",
   "main": "./website/src/server.js",
   "dependencies": {
+    "accepts": "^1.2.12",
     "amazon-payments": "0.0.4",
     "amplitude": "^2.0.1",
     "async": "~0.9.0",
     "aws-sdk": "^2.0.25",
     "babel": "^5.5.4",
     "gulp-babel": "^5.2.1",
+    "body-parser": "^1.13.3",
     "bower": "~1.3.12",
     "browserify": "~3.30.2",
     "coffee-script": "1.6.x",
     "coffeeify": "0.6.0",
+    "compression": "^1.5.2",
     "connect-ratelimit": "0.0.7",
+    "cookie-parser": "^1.3.5",
+    "cookie-session": "^1.2.0",
     "coupon-code": "~0.3.0",
     "domain-middleware": "~0.1.0",
-    "express": "~3.17.5",
+    "express": "~4.13.3",
     "express-csv": "~0.6.0",
     "firebase": "^2.2.9",
     "firebase-token-generator": "^2.0.0",
@@ -55,6 +60,7 @@
     "moment": "~2.8.3",
     "mongoose": "~3.8.23",
     "mongoose-id-autoinc": "~2013.7.14-4",
+    "morgan": "^1.6.1",
     "nconf": "~0.6.9",
     "newrelic": "~1.11.2",
     "nib": "~1.0.1",
@@ -71,6 +77,7 @@
     "qs": "^2.3.2",
     "request": "~2.44.0",
     "s3-upload-stream": "^1.0.6",
+    "serve-favicon": "^2.3.0",
     "stripe": "*",
     "superagent": "~1.4.0",
     "swagger-node-express": "lefnire/swagger-node-express#habitrpg",
@@ -81,11 +88,6 @@
     "winston-newrelic": "~0.1.4"
   },
   "private": true,
-  "subdomain": "habitrpg",
-  "domains": [
-    "habitrpg.com",
-    "www.habitrpg.com"
-  ],
   "engines": {
     "node": "0.10.x"
   },

website/src/controllers/challenges.js

@@ -297,7 +297,7 @@ function closeChal(cid, broken, cb) {
 /**
  * Delete & close
  */
-api['delete'] = function(req, res, next){
+api.delete = function(req, res, next){
   var user = res.locals.user;
   var cid = req.params.cid;
 

website/src/controllers/groups.js

@@ -521,6 +521,7 @@ api.leave = function(req, res, next) {
   group.leave(user, keep, function(err){
     if (err) return next(err);
     user = group = keep = null;
+
     return res.send(204);
   });
 };
@@ -683,7 +684,7 @@ api.invite = function(req, res, next){
   } else if (req.body.emails) {
     inviteByEmails(req.body.emails, group, req, res, next)
   } else {
-    return res.json(400,{err: "Can invite only by email or uuid"});
+    return res.json(400, {err: "Can only invite by email or uuid"});
   }
 }
 

website/src/controllers/user.js

@@ -364,7 +364,7 @@ api.cron = function(req, res, next) {
 // api.reroll // Shared.ops
 // api.reset // Shared.ops
 
-api['delete'] = function(req, res, next) {
+api.delete = function(req, res, next) {
   var user = res.locals.user;
   var plan = user.purchased.plan;
 

website/src/i18n.js

@@ -1,9 +1,10 @@
-var fs = require('fs'),
-    path = require('path'),
-    _ = require('lodash'),
-    User = require('./models/user').model,
-    shared = require('../../common'),
-    translations = {};
+var fs = require('fs');
+var path = require('path');
+var _ = require('lodash');
+var accepts = require('accepts');
+var User = require('./models/user').model;
+var shared = require('../../common');
+var translations = {};
 
 var localePath = path.join(__dirname, "/../../common/locales/")
 
@@ -74,7 +75,9 @@ var chineseVersions = ['zh-tw'];
 
 var getUserLanguage = function(req, res, next){
   var getFromBrowser = function(){
-    var acceptable = _(req.acceptedLanguages).map(function(lang){
+    var acceptedLanguages = accepts(req).languages();
+
+    var acceptable = _(acceptedLanguages).map(function(lang){
       return lang.slice(0, 2);
     }).uniq().value();
 
@@ -83,7 +86,7 @@ var getUserLanguage = function(req, res, next){
     var iAcceptedCompleteLang = (matches.length > 0) ? multipleVersionsLanguages.indexOf(matches[0].toLowerCase()) : -1;
 
     if(iAcceptedCompleteLang !== -1){
-      var acceptedCompleteLang = _.find(req.acceptedLanguages, function(accepted){
+      var acceptedCompleteLang = _.find(acceptedLanguages, function(accepted){
         return accepted.slice(0, 2) == multipleVersionsLanguages[iAcceptedCompleteLang];
       });
 

website/src/routes/apiv1.js

@@ -155,7 +155,7 @@ router.post('/user/tasks/:id/:direction', auth.auth, i18n.getUserLanguage, cron,
 // Tasks
 router.get('/user/tasks', auth.auth, i18n.getUserLanguage, cron, api.getTasks);
 router.get('/user/task/:id', auth.auth, i18n.getUserLanguage, cron, api.getTask);
-router["delete"]('/user/task/:id', auth.auth, i18n.getUserLanguage, cron, api.deleteTask);
+router.delete('/user/task/:id', auth.auth, i18n.getUserLanguage, cron, api.deleteTask);
 router.post('/user/task', auth.auth, i18n.getUserLanguage, cron, api.addTask);
 
 // User

website/src/routes/apiv2.coffee

@@ -265,7 +265,7 @@ module.exports = (swagger, v2) ->
         method: 'DELETE'
         description: "Delete a user object entirely, USE WITH CAUTION!"
       middleware: [auth.auth, i18n.getUserLanguage]
-      action: user["delete"]
+      action: user.delete
 
     "/user/revive":
       spec:
@@ -774,7 +774,7 @@ module.exports = (swagger, v2) ->
         description: "Delete a challenge"
         parameters: [path('cid','Challenge id','string')]
       middleware: [auth.auth, i18n.getUserLanguage]
-      action: challenges["delete"]
+      action: challenges.delete
 
     "/challenges/{cid}/close":
       spec:

website/src/server.js

@@ -1,5 +1,5 @@
 // Only do the minimal amount of work before forking just in case of a dyno restart
-var cluster = require("cluster");
+var cluster = require('cluster');
 var _ = require('lodash');
 var nconf = require('nconf');
 var utils = require('./utils');
@@ -8,7 +8,7 @@ var logging = require('./logging');
 var isProd = nconf.get('NODE_ENV') === 'production';
 var isDev = nconf.get('NODE_ENV') === 'development';
 var DISABLE_LOGGING = nconf.get('DISABLE_REQUEST_LOGGING');
-var cores = +nconf.get("WEB_CONCURRENCY") || 0;
+var cores = +nconf.get('WEB_CONCURRENCY') || 0;
 
 if (cores!==0 && cluster.isMaster && (isDev || isProd)) {
   // Fork workers. If config.json has CORES=x, use that - otherwise, use all cpus-1 (production)
@@ -21,10 +21,10 @@ if (cores!==0 && cluster.isMaster && (isDev || isProd)) {
 
 } else {
   require('coffee-script'); // remove this once we've fully converted over
-  var express = require("express");
-  var http = require("http");
-  var path = require("path");
-  var swagger = require("swagger-node-express");
+  var express = require('express');
+  var http = require('http');
+  var path = require('path');
+  var swagger = require('swagger-node-express');
   var autoinc = require('mongoose-id-autoinc');
   var shared = require('../../common');
 
@@ -77,8 +77,8 @@ if (cores!==0 && cluster.isMaster && (isDev || isProd)) {
   // This auth strategy is no longer used. It's just kept around for auth.js#loginFacebook() (passport._strategies.facebook.userProfile)
   // The proper fix would be to move to a general OAuth module simply to verify accessTokens
   passport.use(new FacebookStrategy({
-    clientID: nconf.get("FACEBOOK_KEY"),
-    clientSecret: nconf.get("FACEBOOK_SECRET"),
+    clientID: nconf.get('FACEBOOK_KEY'),
+    clientSecret: nconf.get('FACEBOOK_SECRET'),
     //callbackURL: nconf.get("BASE_URL") + "/auth/facebook/callback"
   },
     function(accessToken, refreshToken, profile, done) {
@@ -87,61 +87,75 @@ if (cores!==0 && cluster.isMaster && (isDev || isProd)) {
    ));
 
   // ------------  Server Configuration ------------
-  var publicDir = path.join(__dirname, "/../public");
+  var publicDir = path.join(__dirname, '/../public');
 
-  app.set("port", nconf.get('PORT'));
+  app.set('port', nconf.get('PORT'));
   require('./middlewares/apiThrottle')(app);
   app.use(require('./middlewares/domain')(server,mongoose));
-  if (!isProd && !DISABLE_LOGGING) app.use(express.logger("dev"));
-  app.use(express.compress());
-  app.set("views", __dirname + "/../views");
-  app.set("view engine", "jade");
-  app.use(express.favicon(publicDir + '/favicon.ico'));
+  if (!isProd && !DISABLE_LOGGING) app.use(require('morgan')('dev'));
+  app.use(require('compression')());
+  app.set('views', __dirname + '/../views');
+  app.set('view engine', 'jade');
+  app.use(require('serve-favicon')(publicDir + '/favicon.ico'));
   app.use(require('./middlewares/cors'));
 
   var redirects = require('./middlewares/redirects');
   app.use(redirects.forceHabitica);
   app.use(redirects.forceSSL);
-  app.use(express.urlencoded());
-  app.use(express.json());
+
+  var bodyParser = require('body-parser');
+  // Default limit is 100kb, need that because we actually send whole groups to the server
+  // FIXME as soon as possible (need to move on the client from $resource -> $http)    
+  app.use(bodyParser.urlencoded({
+    limit: '1mb',
+    parameterLimit: 10000, // Upped for safety from 1k, FIXME as above
+    extended: true // Uses 'qs' library as old connect middleware
+  }));
+  app.use(bodyParser.json({
+    limit: '1mb'
+  }));
+
   app.use(require('method-override')());
   //app.use(express.cookieParser(nconf.get('SESSION_SECRET')));
-  app.use(express.cookieParser());
-  app.use(express.cookieSession({ secret: nconf.get('SESSION_SECRET'), httpOnly: false, cookie: { maxAge: TWO_WEEKS }}));
-  //app.use(express.session());
+  app.use(require('cookie-parser')());
+  app.use(require('cookie-session')({
+    name: 'connect:sess', // Used to keep backward compatibility with Express 3 cookies
+    secret: nconf.get('SESSION_SECRET'),
+    httpOnly: false,
+    maxAge: TWO_WEEKS
+  }));
 
   // Initialize Passport!  Also use passport.session() middleware, to support
   // persistent login sessions (recommended).
   app.use(passport.initialize());
   app.use(passport.session());
 
-  app.use(app.router);
-
-  var maxAge = isProd ? 31536000000 : 0;
-  // Cache emojis without copying them to build, they are too many
-  app.use(express['static'](path.join(__dirname, "/../build"), { maxAge: maxAge }));
-  app.use('/common/dist', express['static'](publicDir + "/../../common/dist", { maxAge: maxAge }));
-  app.use('/common/audio', express['static'](publicDir + "/../../common/audio", { maxAge: maxAge }));
-  app.use('/common/script/public', express['static'](publicDir + "/../../common/script/public", { maxAge: maxAge }));
-  app.use('/common/img', express['static'](publicDir + "/../../common/img", { maxAge: maxAge }));
-  app.use(express['static'](publicDir));
-
   // Custom Directives
-  app.use(require('./routes/pages').middleware);
-  app.use(require('./routes/payments').middleware);
-  app.use(require('./routes/auth').middleware);
-  app.use(require('./routes/coupon').middleware);
-  app.use(require('./routes/unsubscription').middleware);
+  app.use(require('./routes/pages'));
+  app.use(require('./routes/payments'));
+  app.use(require('./routes/auth'));
+  app.use(require('./routes/coupon'));
+  app.use(require('./routes/unsubscription'));
   var v2 = express();
   app.use('/api/v2', v2);
-  app.use('/api/v1', require('./routes/apiv1').middleware);
-  app.use('/export', require('./routes/dataexport').middleware);
+  app.use('/api/v1', require('./routes/apiv1'));
+  app.use('/export', require('./routes/dataexport'));
   require('./routes/apiv2.coffee')(swagger, v2);
+
+  var maxAge = isProd ? 31536000000 : 0;
+  // Cache emojis without copying them to build, they are too many
+  app.use(express.static(path.join(__dirname, '/../build'), { maxAge: maxAge }));
+  app.use('/common/dist', express.static(publicDir + '/../../common/dist', { maxAge: maxAge }));
+  app.use('/common/audio', express.static(publicDir + '/../../common/audio', { maxAge: maxAge }));
+  app.use('/common/script/public', express.static(publicDir + '/../../common/script/public', { maxAge: maxAge }));
+  app.use('/common/img', express.static(publicDir + '/../../common/img', { maxAge: maxAge }));
+  app.use(express.static(publicDir));
+
   app.use(require('./middlewares/errorHandler'));
 
   server.on('request', app);
-  server.listen(app.get("port"), function() {
-    return logging.info("Express server listening on port " + app.get("port"));
+  server.listen(app.get('port'), function() {
+    return logging.info('Express server listening on port ' + app.get('port'));
   });
 
   module.exports = server;